3999 matches found
thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link
The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...
thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link
The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...
BIT-MARIADB-MIN-2021-46662
MariaDB through 10.5.9 allows a setvar.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery...
CVE-2025-49442
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mostafa Shahiri Simple Nested Menu simple-nested-menu allows Stored XSS.This issue affects Simple Nested Menu: from n/a through = 1.0...
CVE-2025-49442
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mostafa Shahiri Simple Nested Menu simple-nested-menu allows Stored XSS.This issue affects Simple Nested Menu: from n/a through = 1.0...
CVE-2025-49442
CVE-2025-49442 is a Stored XSS in the Simple Nested Menu WordPress plugin (affected: Simple Nested Menu
CVE-2025-49442 WordPress Simple Nested Menu <= 1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mostafa Shahiri Simple Nested Menu allows Stored XSS. This issue affects Simple Nested Menu: from n/a through 1.0...
CVE-2025-49442 WordPress Simple Nested Menu plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mostafa Shahiri Simple Nested Menu simple-nested-menu allows Stored XSS.This issue affects Simple Nested Menu: from n/a through = 1.0...
PT-2025-24265 · Unknown · Mostafa Shahiri Simple Nested Menu
Name of the Vulnerable Software and Affected Versions: Mostafa Shahiri Simple Nested Menu versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...
WordPress plugin Simple Nested Menu 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link
The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...
thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link
The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...
thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link
The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...
thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link
The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...
thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link
The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...
DEBIAN-CVE-2025-37998
In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in outputuserspace This patch replaces the manual Netlink attribute iteration in outputuserspace with nlaforeachnested, which ensures that only well-formed attributes are processed...
GHSA-W6Q7-J642-7C25 vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`
Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the file vllm/entrypoints/openai/toolparsers/pythonictoolparser.py of the vLLM project. The root cause is the use of a highly complex and nested regular expression for tool call detection, which can be exploited by an...
Denial of Service(DOS) in JSONReader
Description There exists a denial of service vulnerabilityDOS that occurs by python hitting max recursion depth while parsing a deeply nested json file using JSONReader. Vulnerable piece of code...
thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link
The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...
The vulnerability of the iommufdHWPT_nested_alloc() function in the Linux operating system’s IOMMU kernel driver allows a hacker to cause a service failure.
The vulnerability of the iommufdHWPTnestedalloc function in the Linux operating system’s IOMMU support driver is related to pointer aliasing. Exploiting this vulnerability could allow an attacker to cause a service failure...